Agencies can mandate personal phones

Sep. 2, 2012 - 12:39PM
|

A woman uses her smartphone as coming out of a Metro station in Washington, D.C. (Jewel Samad / AFP via GettyImages)

ADVERTISEMENT

Federal employees could one day be required to use their personal cellphones, tablet computers or other mobile devices for work.

Guidance released last month advises agencies to consider whether participation in “bring your own device” (BYOD) programs should be mandatory — a step up from the voluntary programs agencies such as the Equal Employment Opportunity Commission, Merit Systems Protection Board and Nuclear Regulatory Commission have developed.

Mandatory programs would largely shift the costs of purchasing, using and repairing cellphones and smartphones from the agency to the employee — an expense that is sure to raise concern among employees and unions.

The guidance provides no details on how a mandatory program might work. Whether employees would be reimbursed for the expense of using their personal devices is an open question, for example, but the guidance acknowledges that BYOD programs may “necessitate government reimbursement,” and it provides a model policy showing the state of Delaware’s requirements for reimbursement.

Although no agency has publicly announced a mandatory BYOD program, some information technology executives hope to one day eliminate government-issued smartphones and other devices.

“I could see five years from today us being in a situation where I didn’t even issue devices,” Roger Baker, chief information officer at the Veterans Affairs Department, said during a recent conference call.

Considering that IT budgets are declining and agencies are under White House orders to reduce the number of smartphones, desktops and laptop computers, Baker’s vision doesn’t seem far-fetched.

The federal government currently spends about $1.2 billion annually for mobile and wireless services and devices and has about 1.5 million active accounts. Many feds also carry personal smartphones more powerful than their government phones.

“A lot of young federal employees coming into the VA have their own devices, and it makes more sense to let them use their own device than [to] give them another device to communicate on,” D.J. Kachman, director of security assurance and mobile technologies for VA, said last month at a mobile conference in Washington.

NASA’s chief technology officer for IT, Sasi Pillay, said the agency could focus more money and timeon its mission if most smartphones and laptops were owned by the employee and not purchased by NASA.

“My grand vision ... is NASA not owning the IT assets,” Pillay said.

Precedence in private sector

In the private sector, at least one federal contractor requires BYOD.

Cloud solutions provider VMware launched a mandatory program last fall, requiring employees to either keep their corporate smartphones and pay the costs or use their own. Reimbursements are provided based on the nature of an employee’s work, said Ben Goodman, a product marketing manager at VMware.

Employees were getting corporate devices whether they needed them or not. “BYOD hit the reset button on that,” Goodman said. The company can now regain control over devices and wireless costs by deciding who gets reimbursed and how much.

Employees had mixed feelings initially. But those who were previously frustrated because corporate devices lagged behind the latest devices can now use their own.

It isn’t clear how much the company has saved to date, but Goodman said employees are far more cost-conscious. VMware has an internal social networking site where employees share tips on the best wireless plans and sales for wireless devices.

When VMware paid for corporate devices, there was no incentive for employees to find the cheapest plans or be prudent cellphone users, Goodman said. BYOD “allows the end user to participate in the driving down of corporate cost,” he said.

At the state level, California Gov. Jerry Brown last year ordered workers to return 48,000, or half of the state’s 96,000 state-paid phones.

“In the face of a multibillion-dollar budget deficit, a cellphone may not seem like a big expense,” Brown said at the time. “But spending $20 million, and perhaps far more than that, on cellphones can’t be justified. We’re facing a budget crisis in California, and I want to achieve all possible, reasonable savings.

At the state’s Department of Health Care Services, 100 employees — mostly managers — volunteered to use their personal devices to spare nurses and other critical workers from losing the smartphones they depend on for work.

About 300 department employees, including rank-and-file workers, were still forced to turn in their BlackBerrys. Phones were taken based on employees’ workloads and whether they were responsible for managing critical services, said department CIO Chris Cruz.

At first, some IT employees, who were forced to return their BlackBerrys, refused to answer calls on their personal phones after hours. “I think we’ve adjusted now, [and] I have not had or heard any issues,” Cruz said.

In the next three to five years, he foresees most department employees participating in a mandatory BYOD program, but that would require contract negotiations and talks with the unions, he said. A reimbursement would be likely.

Over the past year, his department has saved more than $300,000.

Bill Hickox, chief operating officer of Delaware’s Department of Technology & Information, said his state’s BYOD program was in part prompted by California’s decision.

For now, Delaware’s program is voluntary and only requires employees to return their government BlackBerrys in exchange for a reimbursement for using their personal devices. If the state were forced to reduce cellphone costs because of budget cuts, there is now a BYOD program in place and a structure for employees to use their own devices, Hickox said.

Mobile guidance

The new federal guidance, one of several action items required under the administration’s Digital Government Strategy released in May, is a toolkit of sample documents for developing BYOD policies, and case studies of successful programs.

Also as part of the strategy, the National Institute of Standards and Technology plans to release draft guidelines this year for securing BYOD devices for remote access and telework programs, said Matt Scholl, deputy chief for NIST’s Computer Security Division.

While the new guidance cautions that BYOD programs may not be right for all agencies because of security and legal challenges, it says BYOD “also enables employees the flexibility to work in a way that optimizes their productivity” and “can and should be cost-effective.”

For certain sensitive or emergency-related jobs, including law enforcement, agencies may choose to keep government devices, said Jere Carroll, general manager of Dell Federal Civilian.

“A one-size-fits-all policy throughout the government doesn’t work,” Carroll said.

For now, agencies such as EEOC and NRC have made their BYOD programs voluntary and do not require participants to return their government-issued BlackBerrys. Unions at both agencies helped shape the BYOD policies and raised concerns about passing on costs to employees.

At the Merit Systems Protection Board, employees who participate must agree to certain stipulations, such as to return their government BlackBerrys if their personal devices can provide the same services.

“We want them to return their device so we can sunset it and cancel the subscription for that device,” said CIO Tommy Hwang. “For us, that is $50 a month” for minutes, data and texts.

“If we get enough voluntary responses, there really is no need to make it mandatory,” said Hwang, but he has not ruled out the option of a mandatory program.

A handful of the agency’s 220 employees have requested to join the program since the BYOD policy was finalized in mid-August, but he expects that number will increase.

Other agencies, such as the National Credit Union Administration, are steering clear of a BYOD program, at least near-term.

Privacy and cost issues and security concerns that could arise if feds travel internationally with government data on their personal devices are all reasons why CIO Ronnie Levine isn’t actively considering BYOD.